Skip to content

Commit 25b9cd9

Browse files
spencerschrockspencerschrock
authored
🌱 Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (#1547)
Signed-off-by: Spencer Schrock <[email protected]>
1 parent 18cc9b8 commit 25b9cd9

File tree

3 files changed

+126
-121
lines changed

3 files changed

+126
-121
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# NOTE: Keep this in sync with go.mod for ossf/scorecard.
2-
LDFLAGS=-X sigs.k8s.io/release-utils/version.gitVersion=v5.1.1 -X sigs.k8s.io/release-utils/version.gitCommit=cd152cb6742c5b8f2f3d2b5193b41d9c50905198 -w -extldflags \"-static\"
2+
LDFLAGS=-X sigs.k8s.io/release-utils/version.gitVersion=v5.2.0 -X sigs.k8s.io/release-utils/version.gitCommit=f08e8fbdb73dbde0533803fdbad3fd4186825314 -w -extldflags \"-static\"
33

44
build: ## Runs go build on repo
55
# Run go build and generate scorecard executable

go.mod

Lines changed: 35 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -6,21 +6,21 @@ require (
66
github.com/caarlos0/env/v6 v6.10.1
77
github.com/google/go-cmp v0.7.0
88
github.com/google/go-github/v46 v46.0.0
9-
github.com/ossf/scorecard/v5 v5.1.1
9+
github.com/ossf/scorecard/v5 v5.2.0
1010
github.com/sigstore/cosign/v2 v2.5.0
1111
github.com/spf13/cobra v1.9.1
1212
golang.org/x/net v0.39.0
1313
)
1414

1515
require (
1616
cel.dev/expr v0.20.0 // indirect
17-
cloud.google.com/go v0.118.3 // indirect
18-
cloud.google.com/go/auth v0.15.0 // indirect
19-
cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
17+
cloud.google.com/go v0.121.0 // indirect
18+
cloud.google.com/go/auth v0.16.1 // indirect
19+
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
2020
cloud.google.com/go/compute/metadata v0.6.0 // indirect
21-
cloud.google.com/go/iam v1.4.1 // indirect
21+
cloud.google.com/go/iam v1.5.2 // indirect
2222
cloud.google.com/go/monitoring v1.24.0 // indirect
23-
cloud.google.com/go/storage v1.50.0 // indirect
23+
cloud.google.com/go/storage v1.53.0 // indirect
2424
dario.cat/mergo v1.0.1 // indirect
2525
deps.dev/api/v3 v3.0.0-20250212032435-884efa3be969 // indirect
2626
deps.dev/util/maven v0.0.0-20250212032435-884efa3be969 // indirect
@@ -38,11 +38,11 @@ require (
3838
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
3939
github.com/BurntSushi/toml v1.4.0 // indirect
4040
github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
41-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect
42-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0 // indirect
43-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 // indirect
41+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
42+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
43+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
4444
github.com/Microsoft/go-winio v0.6.2 // indirect
45-
github.com/ProtonMail/go-crypto v1.1.5 // indirect
45+
github.com/ProtonMail/go-crypto v1.1.6 // indirect
4646
github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
4747
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
4848
github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
@@ -76,15 +76,15 @@ require (
7676
github.com/blang/semver v3.5.1+incompatible // indirect
7777
github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
7878
github.com/bombsimon/logrusr/v2 v2.0.1 // indirect
79-
github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 // indirect
79+
github.com/bradleyfalzon/ghinstallation/v2 v2.15.0 // indirect
8080
github.com/buildkite/agent/v3 v3.95.1 // indirect
8181
github.com/buildkite/go-pipeline v0.13.3 // indirect
8282
github.com/buildkite/interpolate v0.1.5 // indirect
8383
github.com/buildkite/roko v1.3.1 // indirect
8484
github.com/cespare/xxhash/v2 v2.3.0 // indirect
8585
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
8686
github.com/clbanning/mxj/v2 v2.7.0 // indirect
87-
github.com/cloudflare/circl v1.6.0 // indirect
87+
github.com/cloudflare/circl v1.6.1 // indirect
8888
github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
8989
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
9090
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
@@ -97,9 +97,9 @@ require (
9797
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
9898
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
9999
github.com/dimchansky/utfbom v1.1.1 // indirect
100-
github.com/docker/cli v27.5.1+incompatible // indirect
100+
github.com/docker/cli v28.0.4+incompatible // indirect
101101
github.com/docker/distribution v2.8.3+incompatible // indirect
102-
github.com/docker/docker-credential-helpers v0.8.2 // indirect
102+
github.com/docker/docker-credential-helpers v0.9.3 // indirect
103103
github.com/dustin/go-humanize v1.0.1 // indirect
104104
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
105105
github.com/emirpasic/gods v1.18.1 // indirect
@@ -111,7 +111,7 @@ require (
111111
github.com/go-chi/chi v4.1.2+incompatible // indirect
112112
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
113113
github.com/go-git/go-billy/v5 v5.6.2 // indirect
114-
github.com/go-git/go-git/v5 v5.13.2 // indirect
114+
github.com/go-git/go-git/v5 v5.16.0 // indirect
115115
github.com/go-jose/go-jose/v3 v3.0.4 // indirect
116116
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
117117
github.com/go-logr/logr v1.4.2 // indirect
@@ -138,7 +138,7 @@ require (
138138
github.com/google/go-containerregistry v0.20.3 // indirect
139139
github.com/google/go-github/v53 v53.2.0 // indirect
140140
github.com/google/go-github/v55 v55.0.0 // indirect
141-
github.com/google/go-github/v68 v68.0.0 // indirect
141+
github.com/google/go-github/v71 v71.0.0 // indirect
142142
github.com/google/go-querystring v1.1.0 // indirect
143143
github.com/google/gofuzz v1.2.0 // indirect
144144
github.com/google/osv-scanner v1.9.2 // indirect
@@ -150,6 +150,7 @@ require (
150150
github.com/h2non/filetype v1.1.3 // indirect
151151
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
152152
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
153+
github.com/hmarr/codeowners v1.2.1 // indirect
153154
github.com/ianlancetaylor/demangle v0.0.0-20240912202439-0a2b6291aafd // indirect
154155
github.com/imdario/mergo v0.3.16 // indirect
155156
github.com/in-toto/attestation v1.1.1 // indirect
@@ -161,7 +162,7 @@ require (
161162
github.com/josharian/intern v1.0.0 // indirect
162163
github.com/json-iterator/go v1.1.12 // indirect
163164
github.com/kevinburke/ssh_config v1.2.0 // indirect
164-
github.com/klauspost/compress v1.17.11 // indirect
165+
github.com/klauspost/compress v1.18.0 // indirect
165166
github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
166167
github.com/mailru/easyjson v0.9.0 // indirect
167168
github.com/mattn/go-colorable v0.1.14 // indirect
@@ -172,7 +173,7 @@ require (
172173
github.com/miekg/pkcs11 v1.1.1 // indirect
173174
github.com/mitchellh/go-homedir v1.1.0 // indirect
174175
github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
175-
github.com/moby/buildkit v0.19.0 // indirect
176+
github.com/moby/buildkit v0.21.1 // indirect
176177
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
177178
github.com/modern-go/reflect2 v1.0.2 // indirect
178179
github.com/mozillazg/docker-credential-acr-helper v0.4.0 // indirect
@@ -182,7 +183,7 @@ require (
182183
github.com/oleiade/reflections v1.1.0 // indirect
183184
github.com/olekukonko/tablewriter v0.0.5 // indirect
184185
github.com/opencontainers/go-digest v1.0.0 // indirect
185-
github.com/opencontainers/image-spec v1.1.0 // indirect
186+
github.com/opencontainers/image-spec v1.1.1 // indirect
186187
github.com/opentracing/opentracing-go v1.2.0 // indirect
187188
github.com/owenrumney/go-sarif/v2 v2.3.3 // indirect
188189
github.com/package-url/packageurl-go v0.1.3 // indirect
@@ -234,39 +235,39 @@ require (
234235
github.com/vbatts/tar-split v0.12.1 // indirect
235236
github.com/xanzy/ssh-agent v0.3.3 // indirect
236237
github.com/zeebo/errs v1.4.0 // indirect
237-
gitlab.com/gitlab-org/api/client-go v0.127.0 // indirect
238+
gitlab.com/gitlab-org/api/client-go v0.128.0 // indirect
238239
go.mongodb.org/mongo-driver v1.14.0 // indirect
239240
go.opencensus.io v0.24.0 // indirect
240241
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
241-
go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
242-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect
243-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
242+
go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect
243+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
244+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
244245
go.opentelemetry.io/otel v1.35.0 // indirect
245246
go.opentelemetry.io/otel/metric v1.35.0 // indirect
246247
go.opentelemetry.io/otel/sdk v1.35.0 // indirect
247-
go.opentelemetry.io/otel/sdk/metric v1.34.0 // indirect
248+
go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
248249
go.opentelemetry.io/otel/trace v1.35.0 // indirect
249250
go.uber.org/multierr v1.11.0 // indirect
250251
go.uber.org/zap v1.27.0 // indirect
251252
gocloud.dev v0.40.0 // indirect
252253
golang.org/x/crypto v0.37.0 // indirect
253-
golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
254+
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
254255
golang.org/x/mod v0.24.0 // indirect
255-
golang.org/x/oauth2 v0.29.0 // indirect
256-
golang.org/x/sync v0.13.0 // indirect
256+
golang.org/x/oauth2 v0.30.0 // indirect
257+
golang.org/x/sync v0.14.0 // indirect
257258
golang.org/x/sys v0.32.0 // indirect
258259
golang.org/x/telemetry v0.0.0-20250212145848-75305293b65a // indirect
259260
golang.org/x/term v0.31.0 // indirect
260-
golang.org/x/text v0.24.0 // indirect
261+
golang.org/x/text v0.25.0 // indirect
261262
golang.org/x/time v0.11.0 // indirect
262-
golang.org/x/tools v0.30.0 // indirect
263+
golang.org/x/tools v0.32.0 // indirect
263264
golang.org/x/vuln v1.1.4 // indirect
264265
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
265-
google.golang.org/api v0.227.0 // indirect
266+
google.golang.org/api v0.231.0 // indirect
266267
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
267-
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
268-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
269-
google.golang.org/grpc v1.71.0 // indirect
268+
google.golang.org/genproto/googleapis/api v0.0.0-20250428153025-10db94c68c34 // indirect
269+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250428153025-10db94c68c34 // indirect
270+
google.golang.org/grpc v1.72.0 // indirect
270271
google.golang.org/protobuf v1.36.6 // indirect
271272
gopkg.in/inf.v0 v0.9.1 // indirect
272273
gopkg.in/ini.v1 v1.67.0 // indirect
@@ -279,7 +280,7 @@ require (
279280
k8s.io/klog/v2 v2.130.1 // indirect
280281
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
281282
k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
282-
mvdan.cc/sh/v3 v3.10.0 // indirect
283+
mvdan.cc/sh/v3 v3.11.0 // indirect
283284
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
284285
sigs.k8s.io/release-utils v0.11.1 // indirect
285286
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

0 commit comments

Comments
 (0)